New from Upbound: RBAC, Spaces 1.4, and more

June 11, 2024

Read time: 4 mins

Craig D Wilhite

Share:

Following our last update to the Upbound product on April 30th, we’re back to announce a raft of new features that rolled out to the product last week. 

On the heels of shipping Spaces v1.4.0, current users get to experience Upbound RBAC, a new feature of Upbound IAM, that gives users a unified role-based access control experience across all their managed control planes. 

We’re also showcasing new Console experiences for secrets management and backup and restore. Not to mention the updates to MCP Connector, new additions to the Upbound Official Providers list, and more. It’s been a busy month for Upbound – let’s dig in!

Introducing Upbound RBAC

 

Upbound IAM sees the inaugural addition of role-based access control (RBAC) across the entire product. RBAC enables an administrator to tailor access to Upbound infrastructure based on an employee's role in your organization. This experience is enabled at the groups-level within  Upbound.

Administrators can group users into teams and assign those teams to various control plane groups with the role of either viewer, editor, or admin. These roles determine what users in those teams are able to do within that group, such as to only be able to view resources on a control plane but not delete them, or to isolate teams from seeing control planes in groups they shouldn’t have access to. Users’ experience in the Console is likewise restricted based on their role and what resource they’re trying to gain access to.

Upbound’s Managed Control Plane Connector (MCP Connector) allows you to make a control plane’s APIs available on an app cluster. To coincide with the addition of Upbound RBAC, we just released v0.5.0 of MCP Connector with support for auth with Upbound IAM.

Secrets management in the Console

 

In the previous product update, we announced new Shared Secrets functionality. This feature offers an out-of-the-box way to project external secrets from a central keystore directly into your control planes. This feature, while still in preview, is now broadly available across all deployment modes of Upbound. If you’re running control planes in an Upbound-managed Cloud Space, you can use the feature today. Or you can deploy your own single-tenant Space and enable the feature. 

Backup and restore in the Console

 

In the previous product update, we announced new Backup and Restore functionality. This feature offers an out-of-the-box way to take manual backups, set automatic schedules, and execute restore operations for your control planes. This feature, while still in preview, is now broadly available across all deployment modes of Upbound. If you’re running control planes in an Upbound-managed Cloud Space, you can use the feature today. Or you can deploy your own single-tenant Space and enable the feature.

provider-helm and provider-kubernetes are now Upbound Official

Provider-kubernetes and provider-helm are two useful utility providers commonly used by the community to enable Crossplane to manage Kubernetes resources in a cluster. Initially contributed by Upbound to the community, we’re announcing these providers have been formally included into the Upbound Official Providers list. 

Official Providers reflect Upbound’s commitment to maintaining the provider for users and are labeled to reflect this in the marketplace.

With the latest release of both providers, we’ve also added support for auth to Upbound IAM, so you can use these providers to communicate with and drive interactions with your Upbound managed control planes.

Up CLI improvements

 

Pairing with the release of all these new features, we’ve also cut the latest version of the up CLI v0.31.0. This version of up has several new user-facing improvements:

  • The up CLI’s default up login command now uses the web auth flow that was previously stashed under up web-login
  • We’ve shipped several new fixes to stabilize the experience for up ctx to navigate around contexts in Upbound: across control planes in a group, across groups, across Cloud Spaces.
  • up ctx can now swap contexts across both Cloud+Connected Spaces and Disconnected Spaces. You no longer need to manually point your kubecontext at the hosting cluster of a Disconnected Space and vice versa.

Spaces v1.4.0 available today

All of these new features are powered by the latest release of the core Spaces software, v1.4.0, released last week. If you’ve deployed single-tenant Spaces for Upbound and are running managed control planes in your own environment, you can upgrade to this version today to unlock these new capabilities.If you’re running managed control planes in Upbound-managed multi-tenant Cloud Spaces, you don’t need to do anything–they’re already running this version of Spaces.

If you’d like to see me walk through the shape of the latest Upbound product, check out my webinar. I take you through some of the latest releases to give an insider scoop.

That’s all for this month’s product update. We’ll catch you in the next product release soon!


Craig D Wilhite

Subscribe to the Upbound Newsletter